[Greylist-users] What timeouts do you guys use for greylisting

William Blunn bill--greylist at blunn.org
Thu Dec 2 07:41:51 PST 2004


> - Initial Delay
> - How long you will wait before unauthorized triplet will time out
> - How long you let passed triplets continue to pass before they time out.

On this last one I hope you mean "since we last saw the triplet" ---
you don't want to be expiring active triplets.

> I'm using
> 
> 1 min
> 7 days (I know this is high)
> 8 days
> 
> any thoughts ?

I'm using these:

1. initial delay: 1 minute
     
2. expiry time for unrecognised triplets: 7 days
  
3. expiry time for triplets where we have accepted one message (i.e.
   two delivery attempts; the first one was temporarily rejected):
     65 days

4. expiry time for triplets where we have accepted more than one
   message:
     390 days
     
   Note this interval is since we last saw the triple.  If the sender
   keeps sending messages, then the triple will never expire.
    
5. expiry time for "reverse" triplets, i.e. those generated as a
   result of an outgoing message
     35 days

The idea with number 3 is that many messages are made with one-off
sender addresses.  So you will only ever see them once, and we don't
really want to keep them around cluttering up the database.

But once we have had two successful messages from a triplet, then we
might as well let it have a longer expiry interval (case 4).

For "reverse" triplets, we don't have a sending host IP address (or
/24 network), so we allow *any* host to match on these.  There is
possibly some exposure here, so we keep the expiry time not too long.

Bill
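
The five intervals above as one accept/defer decision. This is an added example, not part of Bill's message or his implementation; the Greylist class and its method names are hypothetical. Assumptions: an unrecognised triplet is aged from when it was first seen, and an inbound match does not refresh a reverse triplet.

```python
from dataclasses import dataclass

MINUTE, DAY = 60, 86400
INITIAL_DELAY = 1 * MINUTE
EXPIRY_UNRECOGNISED, EXPIRY_ONE, EXPIRY_MANY, EXPIRY_REVERSE = 7 * DAY, 65 * DAY, 390 * DAY, 35 * DAY

@dataclass
class Entry:
    first_seen: int      # when the triplet was created
    last_seen: int       # expiry is measured from here
    accepted: int = 0    # messages accepted so far
    reverse: bool = False

def lifetime(e):
    """Expiry interval for an entry, per cases 2-5 of the post."""
    if e.reverse:
        return EXPIRY_REVERSE
    if e.accepted == 0:
        return EXPIRY_UNRECOGNISED
    return EXPIRY_ONE if e.accepted == 1 else EXPIRY_MANY

class Greylist:
    def __init__(self):
        self.db = {}

    def _live(self, key, now):
        e = self.db.get(key)
        if e is not None and now - e.last_seen > lifetime(e):
            del self.db[key]     # expired: forget it
            return None
        return e

    def note_outgoing(self, local_sender, remote_rcpt, now):
        # Reverse triplet: no host part, so any host matches (case 5).
        self.db[(None, remote_rcpt, local_sender)] = Entry(now, now, reverse=True)

    def check(self, host, sender, rcpt, now):
        """Return 'accept' or 'defer' for an inbound delivery attempt."""
        if self._live((None, sender, rcpt), now):
            return "accept"      # assumption: inbound matches do not refresh a reverse triplet
        key = (host, sender, rcpt)
        e = self._live(key, now)
        if e is None:
            self.db[key] = Entry(now, now)
            return "defer"
        if e.accepted == 0 and now - e.first_seen < INITIAL_DELAY:
            return "defer"       # retried too soon
        e.accepted += 1
        e.last_seen = now        # active triplets never expire
        return "accept"
```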


